Domain 4: Communications and Network Security Flashcards
Simplex
Half-Duplex
Full Duplex
Simplex: One way, like a car radio
Half-Duplex: sends or receives one at a time
Full Duplex: sends and receives simultaneously
Baseband
Broadband
Baseband
- One channel. Can only receive one signal at a time.
- Ethernet networks
Broadband
- Multiple channels
- Can send and receive multiple signals
- Cable TV
PAN
GAN
PAN: Personal Area Network:
- Low power wireless technologies
- Bluetooth
GAN: Global Area Networks
- A collection of WANs
Packet Switched Network
- Data is broken into packets and each sent individually
- Chooses the best route/different route
- Reassembled by receiving node
- Missing packets can be resubmitted
- Out of order packets can be re-sequenced
- Makes unused bandwidth available for other connections
OSI Model Layers - Functions
- Application - Network process to applications
- Presentation - Data Representation
- Session - Interhost Communication
- Transport - End-to-End Connections
- Network - Address and Best Path
- Data Link - Access to Media
- Physical - Binary transmission
OSI Model Benefits
- Reduces complexity
- Standardizes interfaces
- Facilitates modular interfaces
- Ensures interoperability
- Accelerates evolution
- Simplifies teaching and learning
Layer 1: Physical Layer
- Describes units of data as bits represented by energy.
- Cabling
- Devices- hubs and repeaters
OSI Model Layers - Packages
- Application - protocol data units
- Presentation - protocol data units
- Session - protocol data units
- Transport - segment (TCP)/Datagram (UDP)
- Network - packets
- Data Link - frames
- Physical - bits
Layer 2: Data Link
- Handles access to the physical layer as well as local area network communications
- Divided into two sub-layers
> Media Access Control (MAC) - transfers to and from the physical layer - touches Layer 1
> Logical Link Control (LLC) - handles LAN communications - touches Layer 3
Layer 3: Network
- Describes routing: moving data from a system on one LAN to a system on another
- Provides connectivity and path selection between two end systems
- Routing
- IP Addresses and router
- IPv4 IPv6
- Also called logical address
Layer 4: Transport
- Handles packet sequencing, flow control and error detection
- Concerned with transportation issues between hosts
- Data transport reliability
- Establishes, maintains and terminates virtual circuits
- Fault detection and recovery
- Information flow control
- TCP Protocol
Layer 5: Session
- Connections between applications
- Manages sessions
- provides maintenance on connections
- Remote procedure calls (RPC)
- Simplex, half, full duplex communications
Layer 6: Presentation
- Presents data to the application and user in a comprehensible way
- Ensures data is readable by the receiving system
- Format of the data
- Negotiates data transfer syntax for application layer
- Concepts include data conversion
- JPEG, GIF, HTML
Layer 7: Application
- Where users interface with computer applications
- Web browser, word processor, IM app
- Provides network services to application processes such as email, file transfer
- Protocols: Telnet, FTP
TCP/IP Model
- Application Layer
- Transport Layer (Host To Host)
- Internet Layer
- Network Access
- created by US Defense Advanced Research Projects Agency in 1970s
- Suite of protocols including UDP, ICMP Layer 4
- IP Layer 3
TCP/IP vs. OSI
- Application Layer = Application Layer, Presentation Layer, Session Layer
- Transport (Host To Host) Layer = Transport Layer
- Internet Layer = Network Layer
- Network Access = Data Link Layer, Physical Layer
TCP - Transmission Control Protocol
- Connection-oriented protocol
- supports dialogues between source and destination
- packages information into segments
- provides reliable full-duplex
- supports flow control
- retransmission
UDP - User Datagram Protocol
- connectionless protocol
- packages information into datagrams
- does not provide flow control
- error processing and retransmission must be handled by other protocols
- unreliable
Encapsulation
- Takes information from a higher layer and adds a header to it.
- The higher layer sees information as data
MAC Addresses
- 48 bits long
. first 24 bits form the Organizationally Unique Identifier (OUI)
. last 24 bits form the serial number (extension identifier)
- IEEE created EUI-64 for 64-bit MAC addresses
IP V4
- 32-bit address field allows 2^32, or nearly 4.3 billion, addresses
- IP header is 20 bytes long
- Designed in the 1970s to support packet-switched networks
- Requires a “helper protocol” called ICMP
- IP is connectionless and unreliable; provides best effort delivery
- Connection and reliability have to be provided by a carried protocol like TCP
IPv4 IP Fragmentation
- Maximum Transmission Unit (MTU): maximum PDU size of a network
- Fragmentation breaks a large packet into multiple smaller packets
- Typical MTU size for an IP packet is 1500 bytes
IPv6
- Larger address space (128-bit address compared to IPv4’s 32 bits)
- 2^128
- 340 sextillion addresses
- IPv6 header is 40 bytes vs. 20 bytes of IPv4
IP v6 Address and Configuration
- Can configure a unique address statelessly. No need for static addressing or DHCP
- Stateless autoconfiguration takes the host's MAC address and uses it to build the IP address
- DHCP can be used with IPv6. Called “Stateful Autoconfiguration”
IPv4 IP address Ranges
- Class A: 0-126
- Class B: 128-191
- Class C: 192-223
- Class D: 224-239
- Class E: 240-255
RFC 1918 Addressing
Three blocks of IP addresses are set aside
- 10.0 - 10.255
- 127 - Loopback (not part of RFC 1918)
- 172.16 - 172.31
- 192.168
ARP RARP
Address Resolution Protocol (ARP)
. Used to translate between a Layer 2 MAC address and a Layer 3 IP address
. Asks "Who has IP address …?"
RARP - Reverse Address Resolution Protocol
. Used by diskless workstations
. Node asks: "Who has MAC address 00:48:
TCP
. Reliable Layer 4 protocol
. Uses 3-way handshake (SYN, SYN-ACK, ACK)
. Can reorder segments that arrive out of order
. Header 20 bytes long
Socket Pair
. Combination of an IP address and a TCP/UDP port on one node
TCP Flags
- URG: Packet contains urgent data
- ACK: Acknowledge received data
- PSH: Push data to the application layer
- RST: Reset (tear down) a connection
- SYN: Synchronize a connection
- FIN: Finish a connection (gracefully)
- CWR: Congestion Window Reduced
- ECE: Explicit Congestion Notification Echo
TCP Handshake
- The client chooses the initial sequence number, set in the first SYN packet
- The server also chooses its own initial sequence number, set in the SYN/ACK packet
- Each side acknowledges the other’s sequence number by incrementing it. This is the acknowledgement number.
- Once the connection is established, each segment is typically acknowledged with an ACK.
DNS - Domain Name Service
- A distributed global hierarchical database that translates names to IP addresses and vice versa
- Uses both TCP and UDP
DNS Security Extensions (DNSSEC)
- Provides authentication and integrity for DNS responses via public key cryptography
Ethernet (CSMA/CD CSMA/CA)
Carrier Sense Multiple Access
- Collision Detection
. Monitors the network to see if it is idle before transmitting
. Used in wired Ethernet
- Collision Avoidance (CA)
. Used for systems such as 802.11 wireless that cannot send and receive simultaneously
. Relies on acknowledgement from the receiving station
Private IP Address Ranges
- 10.0.0.0–10.255.255.255 (a full Class A range)
- 172.16.0.0–172.31.255.255 (16 Class B ranges)
- 192.168.0.0–192.168.255.255 (256 Class C ranges)
Routing Protocols - Interior
Distance Vector: maintains a list of destination networks along with metrics
. RIP - Routing Information Protocol
. IGRP - Interior Gateway Routing Protocol
. EIGRP - Enhanced Interior Gateway Routing Protocol
Link State: gathers router characteristics, like latency
. OSPF
. IS-IS
Routing Protocols - Exterior
Path vector routing protocol: makes next-hop decisions based on the entire remaining path to the destination
. BGP - Border Gateway Protocol
Spread Spectrum
Spread spectrum means that communication occurs over multiple frequencies. Thus, a message is broken into pieces, and each piece is sent at the same time but using a different frequency. Effectively this is a parallel communication rather than a serial communication.
Firewall Types
. Static Packet-Filtering Firewall: filters traffic by examining data from the message header
. Application-Level Firewall: filters traffic based on a single internet service, protocol, or application
. Circuit-Level Firewall: used to establish connections between trusted partners (Layer 5 - Session Layer)
. Stateful Inspection Firewall: evaluates the state, session, and context of network traffic (Layer 3 - Network Layer)
. Next-Generation Firewall: MFD/UTM composed of several security features: application filtering, deep packet inspection, TLS offloading, content filtering, IDS/IPS
. Internal Segmentation Firewall: deployed between internal network segments
Proxies
Proxy servers are a variation of an application-level firewall or circuit-level firewall.
. Used to mediate between clients and servers.
> Forward proxy is a standard or common proxy that acts as an intermediary for queries of external resources. A forward proxy handles queries from internal clients when accessing outside services.
> Reverse proxy provides the opposite function of a forward proxy; it handles inbound requests from external systems to internally located services. A reverse proxy is similar in function to port forwarding and static NAT.
Endpoint detection and response (EDR)
. Focuses on both the endpoint device and its network communication.
. EDR is an evolution of traditional anti-malware products, IDS, and firewall solutions. EDR seeks to detect, record, evaluate, and respond to suspicious activities and events, which may be caused by problematic software or by valid and invalid users.
IEEE 802.1X
. Defines the use of encapsulated EAP to support a wide range of authentication options for LAN connections.
. The IEEE 802.1X standard is formally named “Port-Based Network Access Control”.
Tunneling
. Network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol.
Split tunnel: VPN configuration that allows a VPN-connected client system (i.e., remote node) to access both the organizational network over the VPN and the internet directly at the same time.
Full tunnel: VPN configuration in which all of the client’s traffic is sent to the organizational network over the VPN link, and any internet-destined traffic is then routed out of the organizational network’s proxy or firewall interface to the internet.